Cloud Security

Continuing from the previous post about the potential use cases of Cloud and the question of whether Cloud provides savings, a couple of questions were raised. Security is one of the key aspects I did not cover at all in that post. So this week, let me go over that specific area and what the approach should be when looking at Cloud and its security.

Every cloud provider is investing a huge part of their research and development in the security aspects of the cloud. It is one of the most prominent areas, and it needs to be looked at and reviewed in much more detail than any other aspect. A design flaw in the functional aspects or an incorrect platform/service decision is easy to rework, and with the flexibility of the cloud, such decisions are no longer a worry.

The worry is now hugely on security. The clouds of today provide a wide variety of security options to ensure that whatever is stored or running in the cloud is much more secure than running it anywhere else. This is backed by the range of functions available, and it is one of the key marketing and technology selection points for a journey to the cloud. The cloud has all the bells and whistles to handle different platforms and varying load without disrupting application availability, but a lack of security functions in today's world could compromise the entire application and the data associated with it.

Cloud security, to me, is a double-edged sword. You can use it to protect your data and applications under all possible scenarios, or an incorrect implementation could kill you right in your own house. Let's look at this with a very simple example.

You provision a single virtual machine running a web server in your own data center. To make this server accessible from the internet, you would need to configure your different firewalls and security devices (assuming you have all of these - which are a must in today's world). If not you, someone in this whole chain of implementation would pick up the things you might have missed in making your server secure.

On the other hand, if you take cloud security lightly, you could spin up a VM in the cloud, assign it a public IP and a wide-open access policy, and boom!! Your server is now wide open on the internet, calling all the hackers and troublemakers through an open gate. It is a small activity, but unless it is properly governed, secured, reviewed and audited regularly, it could result in a disaster down the line.

What this example tells us is that even though the cloud takes away a lot of the work done in traditional on-premise implementations, it requires a completely different kind of approach to ensure that you can still reap the benefits of the cloud and not get killed by it. This is also evident from the fact that most of the cloud breaches that happen today are most likely due to configuration issues, where either the process was not followed or the review missed certain aspects of the security of the resources being provisioned. I believe the quote from the famous Spider-Man comics holds aptly true here - "WITH GREAT POWER COMES GREAT RESPONSIBILITY". In the case of cloud, it is much more "GREATER RESPONSIBILITY" compared to the power it brings.

The cloud offers security controls at all possible levels, be it network access on a specific port or IP, a call to a web service/function, or what type of access a user has on the cloud account and what services/resources they can provision. This is one of the key aspects that should be considered and given its due time and effort, to ensure that whatever cloud journey you are embarking on will not let you down or impact your customers/users in any negative way.
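
The regular review that the VM example calls for can be automated. The following is an added example, not part of the original post: it audits a constructed, provider-neutral inventory (the record format, VM names and the intended-port list are assumptions) and separates a web server that is deliberately reachable on its web ports from one with a wide-open access policy.

```python
import ipaddress

# Constructed, provider-neutral inventory (hypothetical format, not a real cloud API).
INVENTORY = [
    {"name": "web-01", "public_ip": "203.0.113.10", "ingress": [
        {"cidr": "0.0.0.0/0", "ports": (443, 443)},
        {"cidr": "198.51.100.0/24", "ports": (22, 22)}]},
    {"name": "web-02", "public_ip": "203.0.113.11", "ingress": [
        {"cidr": "0.0.0.0/0", "ports": (0, 65535)}]},
    {"name": "web-03", "public_ip": "203.0.113.12", "ingress": [
        {"cidr": "0.0.0.0/0", "ports": (80, 80)},
        {"cidr": "::/0", "ports": (22, 22)}]},
    {"name": "db-01", "public_ip": None, "ingress": [
        {"cidr": "0.0.0.0/0", "ports": (5432, 5432)}]},
]

# Assumption: a public web server is meant to expose only these ports to everyone.
INTENDED_PUBLIC_PORTS = frozenset({80, 443})


def is_any_source(cidr):
    """True when the CIDR matches every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(inventory, allowed=INTENDED_PUBLIC_PORTS):
    """Return (vm, severity, low, high) for any-source rules beyond the allowed ports."""
    findings = []
    for vm in inventory:
        # "exposed": reachable from the internet now; "latent": open rule that
        # becomes reachable as soon as someone attaches a public IP.
        severity = "exposed" if vm["public_ip"] else "latent"
        for rule in vm["ingress"]:
            low, high = rule["ports"]
            if not is_any_source(rule["cidr"]):
                continue  # restricted source range, e.g. an admin network
            if all(port in allowed for port in range(low, high + 1)):
                continue  # only the intended web ports are world-open
            findings.append((vm["name"], severity, low, high))
    return findings


if __name__ == "__main__":
    for name, severity, low, high in audit(INVENTORY):
        print(f"{name}: {severity}: ports {low}-{high} open to any source")
```

In practice the inventory would be exported from the provider's own firewall or security-group listing, and the check would run on a schedule or in the provisioning pipeline.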